Thank you very much for the opportunity to comment on this important
issue.

Financial institutions have already been charged with the responsibility
for properly disposing of sensitive materials by the February 1,
2001, guidelines, yet significant problems remain with the means
chosen by many of them to address this responsibility. While I generally
favor less rather than more regulation, it appears that this relatively
simple problem needs to be addressed more definitively.

Rather than
debate words and terms used in the rules and proposed rules, for
this discussion,
let me simply group all of the credit-related
contents of a loan file together as "sensitive financial information," and
state my belief that this information should be adequately disposed
of for a customer or an applicant who did not meet the requirements
to become a customer.

In my role as a banking consultant, I have been called on by numerous
financial institution defendants and consumer plaintiffs who have
encountered serious problems due to the inability of a financial
institution to adequately dispose of sensitive financial information.
Credit fraud and identity theft, in all of their forms, can result
from the improper disposal of sensitive financial information. The
fraud that can result from the improper disposal of this sensitive
financial information can cause severe personal hardships and financial
losses.

The basic problem here is very simple to solve yet is compounded
by faulty thinking on the part of some financial institutions. After
all, what we are dealing with here is how to throw away the trash.

I have observed that many financial institutions contract out the
disposal of sensitive financial information. This is an unnecessary
step that adds cost and increases the risk that employees of the
disposal company can lose or steal a file and use its information
to commit fraud. It is unreasonable to expect that garbage-men will
be adequately trained in the handling of sensitive financial information
whereas all bank personnel are well aware of the importance of this
matter.

Holders of sensitive financial information should be required to
dispose of their sensitive financial information promptly and in-house
by whatever personnel is involved in physically terminating a loan
file when it is due to be disposed of according to the record retention
policy. This destroys the sensitive financial information as soon
as possible, and does not send it outside the financial institution
in a usable form.

Holders of sensitive
financial information should be required to dispose of it as soon
as practical after the expiration of the required
record retention period. In some cases I have seen, sensitive financial
information is retained for several months beyond its required record
retention period so that it can be disposed of in a "batch" of
records covering a specified time bracket. For example, the financial
institution will collect and hold closed-out loan files awaiting
the arrival of the document destruction company truck. This additional
time creates additional and unnecessary risk that the documents might
be misused.

This vigilance should extend to all users and handlers of sensitive
financial information including not only all financial institutions
but also credit reporting agencies, mortgage lenders and brokers,
mortgage bankers, investors who purchase mortgage loans as an investment,
credit companies, retailers, car dealers, and anyone else who handles
sensitive financial information at any point along its physical life.

My viewpoints on these matters are based upon my thirty years in
the financial institutions, lending, and consulting businesses. As
a banker, I served as Executive Vice President and manager of lending
and mortgage banking, as a Board member, and other capacities at
several large institutions. Institutions for which I have been employed
include Citigroup, Ford Motor Credit, and entities that are now JP
Morgan Chase, Bank One, Bank of America, AmSouth, and Wells Fargo.
Plus, I served as a governmental financial institution regulator
for over two years. As a consultant, I have consulted for six of
the top ten banks in the country, the FDIC, RTC, IRS, USAID, the
World Bank, several foreign banks, other domestic and foreign governmental
agencies, major corporations such as IBM, Cisco Systems, and Kawasaki,
and as an expert banking consultant and witness to many leading law
firms on over 190 cases nationwide.